I'm trying to use ADFS as a SAML identity provider, then use OIDC to authenticate an application on JBoss EAP.
The IDP redirects to AD and back to Keycloak seem to work fine, and a list of groups is provided as an assertion. When I debug within the protected application, however, the groups from the SAML assertion are not passed through. If I make a role in Keycloak and manually assign it to a user, it does get passed through.
Is this something that should be supported and I'm just not configuring something right?
Environment: Keycloak 1.9.2.Final running on OpenShift Enterprise 3.1.
----
Jason Hobbs
Lead Engineer Shop Floor Systems
Email: Jason.Hobbs@shawinc.com | Office: (706) 532-3858
Shaw Industries Group Inc. | 201 S. Hamilton St., Dalton, GA 30720 | MD 0IS-01 | shawfloors.com
-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com